Matthew Wild <mwild1@gmail.com> [Mon, 25 Apr 2022 15:24:56 +0100] rev 12481
util.argparse: Revise 553c6204fe5b with a different approach
The second return value is (not insensibly) assumed to be an error. Instead of
returning a value there in the success case, copy the positional arguments
into the existing opts table.
Matthew Wild <mwild1@gmail.com> [Mon, 25 Apr 2022 15:09:53 +0100] rev 12480
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 25 Apr 2022 15:09:41 +0100] rev 12479
util.argparse: Return final 'arg' table with positional arguments for convenience
This is the same as the input table (which is mutated during processing), but
if that table was created on the fly, such as by packing `...` it's convenient
if it also gets returned from the parse function.
Matthew Wild <mwild1@gmail.com> [Mon, 25 Apr 2022 15:07:49 +0100] rev 12478
mod_s2s: Improve robustness of outgoing s2s certificate verification
This change ensures we have positively verified the certificates of the server
we are connecting to before marking the session as authenticated. It protects
against situations where the verify-or-close stage of the connection was
interrupted (e.g. due to an uncaught error).
Thanks to Zash for discovery and testing.
Kim Alvefur <zash@zash.se> [Mon, 25 Apr 2022 14:41:54 +0200] rev 12477
mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors
Otherwise it would just report "is not trusted" unless you inspect the
logs. This message is sent to to the remote server, and will hopefully
show up in their logs, allowing the admin to fix their DANE setup.
Kim Alvefur <zash@zash.se> [Mon, 25 Apr 2022 14:36:56 +0200] rev 12476
mod_s2s: Recognise and report errors with CA or intermediate certs
Should be invoked for cases such as when the Let's Encrypt intermediate
certificate expired not too long ago.
Kim Alvefur <zash@zash.se> [Sun, 24 Apr 2022 16:17:32 +0200] rev 12475
mod_smacks: Improve activation of smacks on outgoing s2s
Using a timer was a hack to get around that stream features are not
available at the right time and sendq stanzas were stored as strings
so could not be counted properly. The later has now been fixed and the
former is fixed by recording the relevant stream feature on the session
so that the correct version of XEP-0198 can be activated once the
connection has been authenticated and is ready to start.
Kim Alvefur <zash@zash.se> [Sat, 23 Apr 2022 14:37:43 +0200] rev 12474
util.crand: Reduce scope here too
Same as previous commit
Kim Alvefur <zash@zash.se> [Sat, 23 Apr 2022 14:29:43 +0200] rev 12473
util.strbitop: Reduce scope of functions
Equivalent to 'local' in Lua, these functions are exported via the
luaopen_ function, which is the only one needing to be visible outside
of the file.
Pointed out by Link Mauve at some point, but there wasn't really any
rush here.
Kim Alvefur <zash@zash.se> [Wed, 20 Apr 2022 22:41:54 +0200] rev 12472
net.connect: Fix accumulation of connection attempt references
Connection attempts that failed the Happy Eyeballs race were not
unreferenced and would accumulate.
Tested by inspecting the 'pending_connections_map' after establishing
s2s with a s2s target where the IPv6 port has a -j DROP rule causing it
to time out and the IPv4 attempt wins the race.
Expected is that the losing connection stays around until net.server
timeouts kick in where it should be removed. The map table should tend
towards being empty during idle times.